Cryptam // document analysis


Sample Details

original filename: 559b1ff54ff746bee2fed54b8344631b

size: 883712 bytes
submitted: 2017-03-16 00:43:02
md5: 559b1ff54ff746bee2fed54b8344631b
sha1: 9d12cd656186e4d0c971984a78b52a7cee185d8c
sha256: 182d3ea38e45c35f22cb7bf09f4dd5fbae419ece94f370f317dfc6e757f81e77
ssdeep: 12288:AK2mhAMJ/cPlLoEDrnbDpYP9e51pEVzMW2eNQ8h7UH16kyc3HS4Mr2TWA/pw8Xfj:d2O/GlLVnbD0eWNz2eR7AMkycLZpN7
content/type: Composite Document File V2 Document, No summary info
analysis time: 2.75 s
result: malware [72]
embedded executable: found

signature hits:

1104: suspicious.office Packager ClassID used by CVE-2014-6352 C
9441: string.This program cannot be run in DOS mode
90973: string.GetSystemMetrics
90195: string.GetProcAddress
89509: string.CloseHandle
89637: string.CreateFileA
90801: string.KERNEL32
90151: string.ExitProcess
dropped.file exe e1a26b5259343176bae93e3519efec2f / 874349 bytes / @ 9363


Dropped Files

exe at 9363
md5: e1a26b5259343176bae93e3519efec2f
sha1: 757cb0975c7f3c78e8fd02b841d29d44e5a1d641
sha256: 6b21a2d1be207a9bc98de094c5e08ec0d2c56c324b082699b6ea4a9ff67ef6da